1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Similar to others, stubborn search redirect

By xheralt
Sep 19, 2011
  1. What I have is a Win2k (SP4) machine, 1.0GHz P4/256MB ram -- I know, almost not worth saving as is, but I have to try.

    I've done what amounts to the first two steps of the six-step process outlined in the board faq on my own, before signing on to this forum, so please don't take me to task for deviations from your stated procedure. Now that I've read it, I feel your stated procedure needs a little clarification. Especially since you seem to be hardnosed about people doing it wrong -- not undeservedly, you have a lot of demands on your time and you *are* providing this service free (thanx in advance, by the way)

    (1) when is one supposed to start a discussion thread, with respect to performing the listed six steps? What information needs to be in that initial post?

    (2) Is one supposed to post logs at each individual step, or are all logs supposed to be posted all at once in step 5, or should one do BOTH?

    (3) Is one making posts for each step, or, again, does one complete steps 1 through 5 before posting?

    Here is what I have so far:

    The machine is noticealy slow -- even given its OS and hardware. Spam pops up in new tabs of Firefox at random intervals. Seach redirects occur, particularly while searching on topics related to virus removal.

    Step One: existing Avast Home install has become broken. It does not load, and attempting reinstallation fails with error message:

    Step One-B attempting to install AVG Free after removing broken Avast install results in same error. Am unable to get AV working on this machine!

    Step 2: MBAM results:

    Malwarebytes' Anti-Malware

    Database version: 7709

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    9/19/2011 12:02:52 PM
    mbam-log-2011-09-19 (12-02-52).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 211504
    Time elapsed: 48 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Cleaner (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpywareCleanerService (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINNT\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

    Odd system behaviors persist after fixes applied. Noting that HOSTS file was affected, replace with clean version from mvps.org. They seemed on the level to me, please advise if they aren't!

    Second pass with MBAM comes back clean. Supplemetary scan with TrendMicro Housecall also comes back clean.

    It was at this point that I signed on to this board and read your steps. Step 3 is pending.

    Given the limited hardware, and the fact that Win2k is completely unsupported, if OS reinstall is the only viable option, will probably be some form of Linux. If I can talk the friend I'm helping into it...
  2. Broni

    Broni Malware Annihilator Posts: 53,860   +370

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    Go on....
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...